Overview
- Description: In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.
- Source: security@huntr.dev
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity: HIGH
CVSS 3.0
- Type: Secondary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
Social media
- Hype score: Not currently trending
Actively exploited CVE : CVE-2024-7474
@transilienceai
10 Nov 2024
Actively exploited CVE : CVE-2024-7474
@transilienceai
8 Nov 2024
CVE-2024-7474 In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id'… https://t.co/Wb82U5bDMa
@CVEnew
29 Oct 2024
[CVE-2024-7474: CRITICAL] The lunary-ai/lunary app's version 1.3.2 has an IDOR vulnerability. It allows users to view or delete external users by modifying the 'id' parameter in the URL. #cybersecurity, #vulnerability https://t.co/kRWDy3FSPO https://t.co/v5ZPgTi3Xj
@CveFindCom
29 Oct 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FD5C422-483D-4A50-A6B8-25C1352C3F46",
            "versionEndExcluding": "1.3.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]